CVE-2013-3961
Simple PHP Agenda < 2.2.9 - Authenticated SQL Injection via edit_event.php eventid Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2013-3961. PoCs published by Anthony Dubuissez.
AI-analyzed exploit summary The advisory describes a SQL injection vulnerability in php-agenda <= 2.2.8, where the edit_event.php file does not properly sanitize parameters, allowing authenticated users to dump database information via a crafted URL.
Description
SQL injection vulnerability in edit_event.php in Simple PHP Agenda before 2.2.9 allows remote authenticated users to execute arbitrary SQL commands via the eventid parameter.
Exploits (1)
The advisory describes a SQL injection vulnerability in php-agenda <= 2.2.8, where the edit_event.php file does not properly sanitize parameters, allowing authenticated users to dump database information via a crafted URL.